Facebook Users Hacked While Trying To Hack Friends’ Accounts
An online tool that has recently become popular among Facebook users in
India promises users that it will hack their friends' Facebook accounts.
However, it has been revealed that the tool instead hacks these
Facebook users' accounts!
This Facebook hacking tool, which has
the disclaimer "For Education Purpose," is hyperlinked to a document in
Google Drive. This document has a code, which is to be pasted in web
browsers' address bars. As per the instructions in the document, the
user needs to wait for two hours for the hack to take effect.
According
to a blog post by Symantec researcher Satnam Narang, instead of hacking
their friends' accounts, this hack will perform a series of actions
without their knowledge.
"Behind the scene, your account is used
to follow lists and users, and give likes to pages in order to inflate
the follower and like counts defined by the scammers. Your account is
also used to tag the names of all your friends in the comment section of
the original post," he says.
That is not all. The post says,
"This is done to help the scam spread further, playing off the curiosity
of your friends, who may visit the post to find out more and hopefully
follow the instructions as well."
This scam originally started in
2011 and is a variation of self-XSS (self cross-site scripting). The
original scammers behind this iteration had great success with the scam
at the beginning of this year, netting between 50,000 to 100,000 likes
and followers on a number of pages and profiles, according to Narang's
blog.
This campaign is allegedly run by hackers based in India,
who have modified the original authors' code by simply adding their own
pages and profiles into the script to increase their follower and like
counts.
Users who have clicked on such a link can check whether
or not their account has liked and followed a number of pages and
profiles without consent in their activity logs.
No comments:
Post a Comment
Enter your valuable comments here